MEDIUM INTERACTION HONEYPOT FOR NETWORK SECURITY TO DETECT CYBER ATTACKS

397-409


INTRODUCTION
Network security ought to be a high priority when designing a system setup because of the growing threat of hackers endeavoring to infect as many computers as possible. The Internet also comprises a huge number of interconnected systems. Security is therefore crucial in this environment, because any organization's network is accessible from any computer in the world and is hence potentially vulnerable to threats from people who do not require physical access to it.
Honeypot systems are decoy servers or systems set up to gather data about an attacker or intruder entering our system. Today, honeypots are still in their early stages, developed and used principally by researchers and security enthusiasts. Honeypot technology is advancing quickly, and in the future honeypots will be difficult to ignore (Pa et al., 2016).
Honeypots can fill the growing gaps left by traditional IDS, which suffer from false positives and a lack of alert intelligence (Kondra et al., 2016). Accordingly, we are going to see much more extensive deployments in the coming years. Remember that honeypots do not replace other regular Internet security structures; they are an additional system (Bhuyan, Bhattacharyya, & Kalita, 2015) that reveals how intruders probe and try to get into our systems. The general idea is that, since a record of the intruder's activities is kept, we can gain insight into attack techniques in order to better protect our real production systems. This paper first covers what a honeypot is and the reasons why honeypots are essential in the network field. We then concentrate on how a honeypot can be set up on a system using Kali Linux on a Raspberry Pi 3. Following this, we demonstrate a real-time simulation of how the honeypot has been used and what the results were. Finally, we discuss our future work, which is smart honeypot creation in a SCADA environment.

RELATED WORKS
In the literature, we find extensive studies on detecting the attacker by various methods. Many investigations try to reduce unauthorized activity. However, these methods sometimes need more time to identify the hacker and also have low accuracy. In their work, Wang and Jones (2018) use a genetic algorithm to find misbehavior. Here a fuzzy membership function is used with a vectorized fitness function in the GA for efficient intrusion detection. The experimental results show that the proposed fuzzy vectorized GA performs better than the vectorized GA and the weighted vectorized GA in detecting network attacks for the considered NSL-KDD dataset. In their research, Sadhasivan and Balasubramanian (2017a) use the KDD dataset for data mining.

3C Tecnología. Glosas de innovación aplicadas a la pyme. ISSN: 2254-4143. Special Issue, November 2021.

The multiagent-based IDA employs distance- and density-based algorithms for cluster formation. Rule formation, in either an association or a sequential manner, detects the attacks and classifies them to the respective agent. Finally, the fuzzy-rule formulation in MAIDS predicts the intrusion type. In the paper of Meoch (1999), the author improves the IDS and uses the multiagent concept with a multilevel intrusion detection system. Here the attack types are stored in a database; when an attack type matches this database, the intrusion is detected. The main advantage is that it needs less time to detect the intruder. In the work of Lee and Huang (2013), IDS (Intrusion Detection Systems) and IPS (Intrusion Prevention Systems) increasingly use SOM (Self-Organizing Map). Here the total accuracy is 93%. Here the web information is uncertain.
The work of Armstrong, Korah, and Salivahanan (2018) can speed up task execution efficiency and improve the throughput of the system. Sometimes it is difficult to find the attacker. In the work of Armstrong et al. (2018), intrusion detection is the fundamental research area in the field of system security. It involves observing the events occurring in a computer system and its network. Data mining is one of the technologies applied to intrusion detection to derive new patterns from the huge volume of system data as well as to reduce the strain of manually compiling intrusion patterns. Data mining techniques are practiced throughout intrusion detection and prevention. This article surveys in brief the present state of data mining techniques for intrusion detection and highlights their advantages and drawbacks.

PROPOSED METHOD
In this paper, the medium interaction honeypot is created using ARM-based Kali Linux (with a Raspberry Pi). Figure 1 shows the flow diagram of our work.

MEDIUM INTERACTION HONEYPOT
The interaction level of a honeypot indicates how much the honeypot interacts with the attacker. A low interaction honeypot is easy to configure and is good at catching known attack patterns, but it is useless at interacting with an attacker or finding unknown attack signatures. So, the medium interaction honeypot is built to overcome the drawbacks of the low interaction honeypot.
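The difference in interaction level can be seen in a small emulated service. The following is an added example, not code from the paper: it keeps a short FTP-style login dialogue going (a low interaction honeypot would only log the connection), never grants access, and records the source IP, the time and every command sent. The FTP dialogue, the banner text and port 2121 are assumptions, since the paper does not state which services its honeypot emulates.

```python
import socket
import threading
from datetime import datetime, timezone

BANNER = b"220 FTP server ready\r\n"  # constructed banner (assumption)

def handle_session(conn, peer_ip, events):
    """Emulate a few FTP login steps and record what the client sends."""
    event = {"time": datetime.now(timezone.utc).isoformat(),
             "src_ip": peer_ip, "commands": []}
    conn.settimeout(5)                     # do not let a client hold the thread
    reader = conn.makefile("rb")
    try:
        conn.sendall(BANNER)
        for _ in range(10):                # cap the dialogue length
            line = reader.readline(512)    # cap the line length
            if not line:
                break
            text = line.decode("latin-1").strip()
            event["commands"].append(text)
            verb = text.split(" ", 1)[0].upper()
            if verb == "USER":
                conn.sendall(b"331 Password required\r\n")
            elif verb == "PASS":
                conn.sendall(b"530 Login incorrect\r\n")  # never grant access
            elif verb == "QUIT":
                conn.sendall(b"221 Goodbye\r\n")
                break
            else:
                conn.sendall(b"502 Command not implemented\r\n")
    except OSError:                        # timeout or connection reset
        event["commands"].append("<timeout or reset>")
    finally:
        reader.close()
        conn.close()
        events.append(event)
    return event

def serve(host="0.0.0.0", port=2121, events=None):
    """Accept connections and handle each one in its own thread."""
    events = [] if events is None else events
    with socket.create_server((host, port)) as srv:
        while True:
            conn, (ip, _) = srv.accept()
            threading.Thread(target=handle_session,
                             args=(conn, ip, events), daemon=True).start()

if __name__ == "__main__":
    serve()
```

Each recorded event holds the attempted user names and passwords alongside the source address and timestamp, which is the extra detail the emulated dialogue yields over a plain connection log.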

ARM BASED KALI LINUX
Kali Linux is one of the most well-known penetration testing platforms, used by security experts, hackers, programmers, and researchers around the globe for security and vulnerability assessment, attack research, and risk testing. It offers a wide assortment of prominent open-source tools that can be used in all aspects of penetration testing.
Kali Linux has developed from BackTrack 5 R3 into a model of a complete desktop operating system. The Raspberry Pi is an extremely low-cost computer that plugs into a monitor using HDMI (High-Definition Multimedia Interface) and uses our own USB keyboard and mouse. It provides an environment for learning computing and programming.

SIMULATION OUTPUTS
The proposed idea is tested in real time with various attacking devices with dynamic IP addresses. When an intruder tries to block a specific IP address by hitting that IP, or creates an attack, the medium interaction honeypot captures the specific activities. The honeypot acts as a production or research honeypot depending on the requirements of the implementation. Initially, the IP scanning process takes place using the nmap command, as shown in Figure 3. After the scanning process completes, the honeypot produces the full details, such as the type of attacking device, the IP address of the attacking device, the time of the attack, and the configuration.

CONCLUSIONS
Like all technologies, honeypots have their drawbacks, the greatest one being their limited field of view. Honeypots capture only activity that is directed against them and will miss attacks against other systems. For that reason, security experts do not recommend that these systems replace existing security technologies. Instead, they see honeypots as a complementary technology to network- and host-based intrusion protection. The advantages that honeypots bring to intrusion-protection solutions are hard to ignore, especially now that production honeypots are beginning to be deployed. In time, as deployments proliferate, honeypots could become an essential ingredient in an enterprise-level security operation.
We have implemented the medium interaction honeypot, and the proposed honeypot effectively takes action when it finds an intrusion. Intrusions were generated from various devices, and the responses given by the honeypot were presented and analyzed. At present, this framework is implemented for a small network. In future, we plan to implement this work for large-scale real-time automation industries for security in a SCADA environment.